GDPR and information security: what you need to do

Information Technology Press Releases Monday June 11, 2018 14:48
Bangkok--11 Jun--Mind PR
Steve Treagust, Global Industry Director, Finance, HCM and Strategy; Tero Haenninen, Chief Information Security Officer, IFS
Hackers? What are they? What do they look like? They used to be 17-year-old kids in their parents' basements. Now, they're 35-40 years old and associated with organized crime.
What do they do?
  • Malware – probably the most visible, and very volume-driven and opportunistic. Largely subsumed by Ransomware. A few people write the malware, but many people distribute it – sometimes with 24/7 telephone support!
  • APT – Advanced persistent threats are highly targeted malware, attempting to breach and infiltrate your network.
  • Activists – Target- and burst-driven, largely about vandalism.
  • Insiders – for example, Edward Snowden, who was a SharePoint admin.
  • Nation states – probably not as big a risk as the news reports suggest. But how do you defend against nation states with big budgets?
And, of course, they all do it for money. We digitalize things, criminals digitize things. They are on their own digitalization journeys.
Example: Equifax

Equifax is a consumer credit reporting agency that got hacked. They were slow to patch a known bug, and in that time they were compromised. This is how hackers work: they get in, they spend a while in the system, and then they start extracting data.

Example: Software supply chain attack

There are two critical business packages you need to use if you do business in Ukraine. One of them, MeDoc, was breached. That software had an automated patching system, but its update system was hacked and used to release a patch with a backdoor in it. Nobody knows what was done after the systems were compromised, but eventually the hackers released a destructive virus which encrypted people's computers.

So, you need to stay updated but you need to trust the patches you install. That's something we're talking about internally.
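The lesson above (stay updated, but only install patches you can trust) turns into a concrete check in the update client. The following Go program is an added example, not code from IFS or from the talk. It assumes a hypothetical update format in which the publisher signs a SHA-256 digest of the version string and payload with an Ed25519 key, and the client holds the public half pinned in the installed software rather than fetching it from the update server. The type and function names (SignedUpdate, SignUpdate, VerifyUpdate) and the sample update bodies are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// SignedUpdate is a hypothetical update package layout: the publisher signs a
// digest that binds the version to the payload, so neither can be swapped on a
// compromised update server without the publisher's private signing key.
type SignedUpdate struct {
	Version string
	Payload []byte
	Sig     []byte
}

// updateDigest hashes a domain-separation label, the version and the payload,
// with zero-byte separators so field boundaries cannot be shifted.
func updateDigest(version string, payload []byte) []byte {
	h := sha256.New()
	h.Write([]byte("update-v1\x00"))
	h.Write([]byte(version))
	h.Write([]byte{0})
	h.Write(payload)
	return h.Sum(nil)
}

// SignUpdate is the publisher's release step. The private key belongs in an
// offline signing environment, never on the server that distributes updates.
func SignUpdate(priv ed25519.PrivateKey, version string, payload []byte) SignedUpdate {
	return SignedUpdate{
		Version: version,
		Payload: payload,
		Sig:     ed25519.Sign(priv, updateDigest(version, payload)),
	}
}

// parseVersion turns "2.0.10" into [2 0 10] so versions compare numerically,
// not as strings (string comparison would rank "2.0.9" above "2.0.10").
func parseVersion(v string) ([]int, error) {
	parts := strings.Split(v, ".")
	out := make([]int, len(parts))
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil {
			return nil, fmt.Errorf("malformed version %q", v)
		}
		out[i] = n
	}
	return out, nil
}

// newerThan reports whether candidate is strictly newer than installed.
func newerThan(candidate, installed string) (bool, error) {
	c, err := parseVersion(candidate)
	if err != nil {
		return false, err
	}
	i, err := parseVersion(installed)
	if err != nil {
		return false, err
	}
	for k := 0; k < len(c) || k < len(i); k++ {
		var cv, iv int
		if k < len(c) {
			cv = c[k]
		}
		if k < len(i) {
			iv = i[k]
		}
		if cv != iv {
			return cv > iv, nil
		}
	}
	return false, nil
}

// VerifyUpdate is the client-side gate: verify the signature against the pinned
// key first (the update is untrusted input), then refuse anything that is not
// newer than what is installed, so a captured old signed release cannot be replayed.
func VerifyUpdate(pinned ed25519.PublicKey, installed string, u SignedUpdate) error {
	if len(pinned) != ed25519.PublicKeySize {
		return errors.New("pinned publisher key has the wrong size")
	}
	if len(u.Sig) != ed25519.SignatureSize ||
		!ed25519.Verify(pinned, updateDigest(u.Version, u.Payload), u.Sig) {
		return errors.New("signature does not verify against the pinned publisher key: refusing to install")
	}
	ok, err := newerThan(u.Version, installed)
	if err != nil {
		return err
	}
	if !ok {
		return fmt.Errorf("update %q is not newer than installed %q: refusing downgrade", u.Version, installed)
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample: a genuine release, then the same release with its
	// payload altered after signing, as a compromised update server might serve it.
	genuine := SignUpdate(priv, "2.1.0", []byte("legitimate update body"))
	fmt.Println("genuine update:", VerifyUpdate(pub, "2.0.9", genuine))
	altered := genuine
	altered.Payload = []byte("legitimate update body (modified)")
	fmt.Println("altered update:", VerifyUpdate(pub, "2.0.9", altered))
}
```

Run it with `go run`. The design point is where trust comes from: the client trusts a pinned key, not the server it downloads from, so a compromised distribution channel cannot mint an acceptable patch. The check is only as good as the custody of the signing key; if the key sits on the same build or update server that was breached, the signature proves nothing, which is why the signing step belongs offline or in a hardware module.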

Half of the planet is connected to the internet now. Ransomware is a multi-billion dollar business. There are 200 billion IoT devices connected to the internet. Cybercrime is estimated to reach $6 trillion by 2021.

It's only going to get more messed up – unless we act – and we need to act together. The General Data Protection Regulation (GDPR) is the first sign that government doesn't think that business is acting to get this under control.

GDPR
The General Data Protection Regulation protects EU residents, so it affects all companies that hold their information. It's a blunt instrument. It suggests three roles you need to consider:
  • The data subject – the person whose data is held
  • The data controller – the person who decides what is done with the data
  • The data processor – the person who analyzes or acts on the data
The general principle is that you should only hold data for a limited purpose and with permission, you should hold no more than that, and you should dispose of it when it is no longer of use.
The six legal grounds for holding information are incredibly important, and you must provide proof you are adhering to them:
  • Consent
  • Contractual
  • Legal Obligation
  • Vital Interests
  • Public Task
  • Legitimate Interest
Positioning GDPR in GRC

You need information, governance activities and compliance activities. How do you manage breaches? How do you stay in compliance? If you can define that, you can bring GDPR into our Government Regulatory Compliance (GRC) process.
